mintproject / data-catalog

Critical security vulnerability - axios #3

Open mosoriob opened 3 years ago

mosoriob commented 3 years ago

warning serverless > @serverless/enterprise-plugin > @serverless/platform-client > axios@0.19.2:
 Critical security vulnerability fixed in v0.21.1. For more information, see https://github.com/axios/axios/pull/3410

mosoriob commented 3 years ago

@summer7xinting can you fix it, please?

dnfeldman commented 3 years ago

@mosoriob where do you see that warning? The 3.1.2 version of @serverless/enterprise-plugin that is currently running doesn't seem to use axios. That dependency was introduced at some point between 3.1.2 and 3.8.4. Also, the newest version depends on a problematic version of axios (0.19.2).

Since the current version of dcat doesn't have the vulnerability, perhaps we can leave it as it is and wait until @serverless/enterprise-plugin updates its default axios dependency to v0.21.1?
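
Added example (not part of the thread or the project's code): a check for the question raised above, walking a resolved dependency tree and reporting every path that ends at an axios version below 0.21.1. It assumes the nested `{ version, dependencies }` shape that `npm ls --all --json` prints; both sample trees and the `0.0.0-sample` versions are constructed placeholders.

```javascript
// Compare two plain x.y.z versions (pre-release suffix ignored).
// Returns a negative number when a < b, 0 when equal, positive when a > b.
function compareVersions(a, b) {
  const pa = a.split('-')[0].split('.').map(Number);
  const pb = b.split('-')[0].split('.').map(Number);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d;
  }
  return 0;
}

// Depth-first walk; collects "a > b > pkg@version" for every copy of pkgName
// whose resolved version is lower than fixedVersion.
function findBelowFixed(tree, pkgName, fixedVersion, trail = [tree.name || 'root'], hits = []) {
  for (const [name, node] of Object.entries(tree.dependencies || {})) {
    const path = [...trail, `${name}@${node.version}`];
    if (name === pkgName && node.version && compareVersions(node.version, fixedVersion) < 0) {
      hits.push(path.join(' > '));
    }
    findBelowFixed(node, pkgName, fixedVersion, path, hits);
  }
  return hits;
}

// Constructed sample: plugin 3.8.4 pulling in axios 0.19.2 via platform-client.
const withNewPlugin = {
  name: 'data-catalog',
  dependencies: { serverless: { version: '0.0.0-sample', dependencies: {
    '@serverless/enterprise-plugin': { version: '3.8.4', dependencies: {
      '@serverless/platform-client': { version: '0.0.0-sample', dependencies: {
        axios: { version: '0.19.2' } } } } } } } },
};

// Constructed sample: plugin 3.1.2, which has no axios below it.
const withOldPlugin = {
  name: 'data-catalog',
  dependencies: { serverless: { version: '0.0.0-sample', dependencies: {
    '@serverless/enterprise-plugin': { version: '3.1.2' } } } },
};

console.log(findBelowFixed(withNewPlugin, 'axios', '0.21.1'));
console.log(findBelowFixed(withOldPlugin, 'axios', '0.21.1'));
```

Running this against the real tree after each plugin upgrade shows whether the flagged axios version has actually entered the install, rather than relying on the warning alone.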